Local Companies Urged to Bolster Cybersecurity Readiness in Compliance with GDPR

Cybersecurity solutions provider Fortinet has urged companies and organizations in the Philippines to make the necessary preparations and arrangements for their businesses to comply with the European Union’s General Data Protection Regulation (GDPR), which was implemented on May 25, 2018.

Similar in some respects to the country’s Data Privacy Act of 2012, the GDPR protects citizens, particularly those of the European Union (EU), with regard to data privacy and transparency. It will be strictly enforced through fines, sanctions, and injured-party compensation.

The GDPR finely balances the rights of EU citizens to control their personal data against the responsibilities of organizations to protect that data, both in the course of normal operations and in the case of data breaches.

Significant new EU personal information protections include the right to explicitly approve the use of personal data and a “right to be forgotten,” enabling people to demand that an organization purge any personal data about them. While businesses and governments with a physical presence in the EU will need to abide by GDPR, it may also apply to firms with significant EU customer or client bases.

“While GDPR affects private and public sector organizations handling PII, certain key industries will have heightened exposure as a result of the volumes of PII data they handle as well as the nature of their business,” said Peerapong Jongvibool, Regional Director for Southeast Asia and Hong Kong, Fortinet. “These include e-commerce-based organizations operating internationally, as well as companies that serve significant numbers of tourists, visitors, or expatriates from the EU.”

According to Fortinet, the top three industries in Southeast Asia that serve EU markets and are impacted by GDPR are retail, healthcare, and financial services.

“At the end of the day, complying with GDPR may well turn out to be the right thing to do to protect the privacy and interests of all stakeholder communities linked to an organization,” concluded Jongvibool. “As onerous as GDPR might seem, it could mark a big step towards restoring public confidence in the ability of businesses to deliver social benefits while simultaneously curbing social risks.”

Fortinet advises enterprises in the Philippines to take the following steps to accelerate GDPR compliance:

Conduct a comprehensive data audit to understand data sources, collection, and processing. The audit should document where GDPR-impacted data is stored, how it is communicated between systems within the domain, and any external clouds or third-party data custodians.

Determine how long data-breach detection and mitigation take and what is required to improve these processes to meet GDPR requirements. This element of the action plan should also include a detailed security assessment.